<?php

Class Security
{
	private $_config;

	public function __construct()
	{
		// Load the configuration file
		$this->_config = new Zend_Config_Ini('./application/config.ini','production');
   	}	
   	
	/* Function allowed_to_execute_ajax($http_referer)
	 * @Params: $http_referer
	 * @Return: array(result,message) => 1 for allowed, 0 for denied, message is only retruned when result is 0
	 * 
	 * This function ensures that the AJAX request submitted is directly from this server 
	 * and that no one can load the data via cURL
	 */
	public function allowed_to_execute_ajax($http_referer)
	{		
		#return array('result'=>1); # Override the security settings
		// Check the passed parameters against values from the configuration file
		if ($_SERVER['DOCUMENT_ROOT'] != $this->_config->document_root)
		{			
			return array('result'=>0,'message'=>'0');
		}
		return array('result'=>1);
	}
}
?>